winnie boosted

The #OpenBSD router guide looks at how to use "low end" hardware to build an OpenBSD router with firewalling capabilities, segmented local area networks, DNS with domain blocking, DHCP and more

Bought an old ProLiant Workstation on eBay recently. Navigating through "Intelligent Provisioning" EFI utility, hitting TAB until I got this on the left bottom screen. Can't fall asleep. Afraid of nightmares.

winnie boosted

I just convinced the CEO, CFO, and CTO to transition our entire dev team to be internal #OPNsense developers. :) :) :)

Building security appliances that can do full pcap at 40Gbps line rate based on #HardenedBSD, #OPNsense, and other awesome tech.

As of today, I've reached my dream job.

winnie boosted
winnie boosted

Windows PrivEsc Guide. Good summary with basic approaches. Some links to more juicy stuff at the bottom.

role to bootstrap a @Hetzner_Online Cloud VM with an encrypted rootfs. It's ugly and not idempotent, but does the job pretty well. SSH hostkeys management included. Most of it can be used for other hosters/bare metal.

winnie boosted

More emergencies, Internet Archive 

The Internet Archive had been experimenting with a digital lending library, and when covid severely limited public libraries, the IA started allowing unlimited checkouts (which essentially mean they allowed piracy of their book scans)

This was probably a huge mistake, but now four of the biggest publishers are suing the IA

Losing this means goes down

Can anybody explain why this behavior does not affect the address? Spec?

Show thread

Spend ours debugging why webserver wouldn't bind to a local, fix IPv4 address. Solution was set kernel param net.ipv4.ip_nonlocal_bind = 1.

Usually needed only for elastic IPs... Seems like Linux does not play well with the virtualized interfaces of my provider.

winnie boosted

"Tale of two hypervisor bugs - Escaping from #FreeBSD #bhyve"

^ Author had to reintroduce a vulnerability to successfully exploit on #HardenedBSD:

"All the previously detailed techniques will no
longer work."

Reaction to submission of a stack overflow in the PHP bugtracker

Blog post "Attacking Jenkins":

I wrote down common mistakes and security problems I encountered during reviews of build systems based on . Credits for review: @carloz_spicey

Thank you @LinkedIn for you suggestions. But I think I'll stay with offensive security...

Uploaded my slides from "Attacking Jenkins" talk at :, blogpost will follow during the next days.

Show more

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!